From nobody@FreeBSD.org  Wed Aug  8 06:51:38 2007
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 06C1616A417
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  8 Aug 2007 06:51:38 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id E6AEE13C45A
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  8 Aug 2007 06:51:37 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l786pb5R002097
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 8 Aug 2007 06:51:37 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l786pbTq002089;
	Wed, 8 Aug 2007 06:51:37 GMT
	(envelope-from nobody)
Message-Id: <200708080651.l786pbTq002089@www.freebsd.org>
Date: Wed, 8 Aug 2007 06:51:37 GMT
From: Pekka Savola <pekkas@netcore.fi>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ip6_fw doesn't count base IPv6 header in byte statistics
X-Send-Pr-Version: www-3.0

>Number:         115293
>Category:       kern
>Synopsis:       [ipv6] [patch] ip6_fw doesn't count base IPv6 header in byte statistics
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-net
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 08 07:00:04 GMT 2007
>Closed-Date:    Fri Aug 10 20:52:32 GMT 2007
>Last-Modified:  Fri Aug 10 20:52:32 GMT 2007
>Originator:     Pekka Savola
>Release:        6.2-STABLE
>Organization:
>Environment:
FreeBSD sixpack.funet.fi 6.2-STABLE FreeBSD 6.2-STABLE #10: Tue Aug  7 10:59:15 EEST 2007     root@sixpack.funet.fi:/usr/obj/usr/src/sys/SIXPACK  i386

>Description:
I noticed that in contrast to IPv4, 'ip6fw -ta l' output doesn't seem to
include the base IPv6 header in byte statistics as evidenced by the following
stats line:

00004      38913          0 Wed Aug  8 09:46:00 2007 deny ipv6 from 2001::/32 to fe80::/10

Digging around, this seems to be a problem in netinet6/ip6_fw.c:

                /* Update statistics */
                f->fw_pcnt += 1;
                f->fw_bcnt += ntohs(ip6->ip6_plen)

. but "ip6_plen" only includes the length of the next header.  This is
incorrect in two ways: 1) it doesn't include the base header itself, and
2) if there are multiple next headers (chained extension headers), this
will only list the length of the first one.

Looking at IPv4 code, the latter should probably be something like (not tested):

 f->fw_bcnt += (*m)->m_pkthdr.len;

. which should fix both the problems above.

>How-To-Repeat:
Create an ip6fw rule (e.g. TCP RST reject rule is good) with with it's
easy to create just one hit.  Run tcpdump and check the byte counter.
>Fix:
Probably replace fw_bcnt with m_pkthdr.len.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Aug 10 20:41:48 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=115293 
State-Changed-From-To: open->closed 
State-Changed-By: mlaier 
State-Changed-When: Fri Aug 10 20:48:26 UTC 2007 
State-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=115293 
>Unformatted:
